0
votes
  1. My Cloud Scheduler is by default taking "project-id-compute@developer.gserviceaccount.com" for the OIDC token through Terraform.
  2. I have assigned the role "cloud scheduler service agent" to this service account.
  3. I also assigned role/cloudfunction.invoker to the same account. Still, I am getting a permission denied error in my scheduler logs.
  4. For me there is no SA in this format "service-project-id@gcp-sa-cloudscheduler.iam.gserviceaccount.com". Also, I don't think the SA name should matter, as I have given the same required permissions or role to the default one.

What could possibly go wrong?

1
Did you define something in the audience field? – guillaume blaquiere
Yes, the same URL as for the Cloud Function, that is "https://{zone}-{project-id}.cloudfunctions.net/hello" – jagriti priya

1 Answer

0
votes

You need the Cloud Scheduler agent service account service-<project-number>@gcp-sa-cloudscheduler.iam.gserviceaccount.com (not project_id as mentioned in your question).

Simply go to the IAM page, click on add, fill the email field with the correct service account name, and grant the Cloud Scheduler Service Agent role on it.
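
The same grant expressed in Terraform, since the question configures the scheduler that way. This is an added example, not part of the answer above: the variable names, the job name and schedule, and the assumption that the function is called `hello` and lives in the scheduler's region are all illustrative.

```hcl
variable "project_id" { type = string }
variable "region" { type = string }

# Assumption: the service account the job presents in its OIDC token.
variable "invoker_sa_email" { type = string }

# Resolves the numeric project number, which the agent address uses
# in place of the project ID.
data "google_project" "current" {
  project_id = var.project_id
}

locals {
  scheduler_agent = "service-${data.google_project.current.number}@gcp-sa-cloudscheduler.iam.gserviceaccount.com"
  function_url    = "https://${var.region}-${var.project_id}.cloudfunctions.net/hello"
}

# The service agent role goes on the Cloud Scheduler agent itself.
resource "google_project_iam_member" "scheduler_agent" {
  project = var.project_id
  role    = "roles/cloudscheduler.serviceAgent"
  member  = "serviceAccount:${local.scheduler_agent}"
}

# The account named in the OIDC token is the one that needs invoker
# on the function, scoped to that function rather than the project.
resource "google_cloudfunctions_function_iam_member" "invoker" {
  project        = var.project_id
  region         = var.region
  cloud_function = "hello"
  role           = "roles/cloudfunctions.invoker"
  member         = "serviceAccount:${var.invoker_sa_email}"
}

resource "google_cloud_scheduler_job" "hello" {
  name     = "invoke-hello" # hypothetical job name
  project  = var.project_id
  region   = var.region
  schedule = "*/15 * * * *" # constructed sample schedule

  http_target {
    http_method = "GET"
    uri         = local.function_url
    oidc_token {
      service_account_email = var.invoker_sa_email
      audience              = local.function_url
    }
  }
  depends_on = [google_project_iam_member.scheduler_agent]
}
```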